Comment # 5
on bug 8112
from Evan Huus
(In reply to comment #4)
> however, I'm not sure if such a check is the best way of fixing this.
>
> When it gets a negative length, tvb_get_ephemeral_unicode_string() returns a
> string which contains only the 0 termination - there's no indication that
> something went wrong. Should we return NULL for an invalid length parameter?
> Or throw an exception?
I suspect an exception is the right thing to do here.
> The resulting string is then passed to format_text() with the original
> (stupidly large) length. format_text() starts processing without any checks
> and crashes. Should we check that string is non-NULL and contains no 0x0
> character within len-1 bytes??
Yes, this also.
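
The two checks discussed in this comment, sketched as an added example; this is not Wireshark's code and not part of the original comment. `get_string_checked` and `format_text_checked` are hypothetical stand-ins, and an error return of -1 takes the place of the exception, since the sketch is stand-alone C.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the string getter: copies len bytes of buf,
 * starting at offset, into out. A negative or out-of-range length is
 * reported as an error (-1) instead of silently yielding an empty string. */
int get_string_checked(const unsigned char *buf, size_t buflen,
                       int offset, int len, char *out, size_t outsz)
{
    if (buf == NULL || out == NULL || outsz == 0)
        return -1;
    if (offset < 0 || len < 0)
        return -1;
    if ((size_t)offset > buflen || (size_t)len > buflen - (size_t)offset)
        return -1;
    if ((size_t)len >= outsz)
        return -1;
    memcpy(out, buf + offset, (size_t)len);
    out[len] = '\0';
    return len;
}

/* Hypothetical stand-in for the formatter: escapes non-printable bytes.
 * It refuses NULL and negative lengths, and stops at the first NUL even if
 * the caller's len claims more, so it never reads past the terminator. */
int format_text_checked(const char *s, int len, char *out, size_t outsz)
{
    size_t o = 0;
    if (s == NULL || out == NULL || outsz == 0 || len < 0)
        return -1;
    for (int i = 0; i < len && s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (isprint(c)) {
            if (o + 1 >= outsz) break;      /* keep room for the NUL */
            out[o++] = (char)c;
        } else {
            if (o + 4 >= outsz) break;      /* "\xNN" plus the NUL */
            o += (size_t)snprintf(out + o, outsz - o, "\\x%02x", c);
        }
    }
    out[o] = '\0';
    return (int)o;
}
```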